It might seem that versions of crucial packages in Conda-Analytics are pinned in conda-environment.yml (which in turn adds them to conda-environment.lock.yml).
However, those files just specify what versions should be installed in the new environment to start; Conda happily ignores them in all future transactions. This doesn't just mean that package A will be updated if the user runs conda update A. If the user runs conda install B and B lists A as a dependency, Conda will automatically upgrade A to the latest version (even if B's requirement is already satisfied by the existing version).
As you can imagine, this is a huge source of environment problems!
It should be easy to fix this by actually pinning versions when necessary by adding the specifications to a pinned file in the environment's conda-meta directory (docs).
Here's an example pinned file:
jupyter_core ==5.5.0 jupyter_server ==1.24.0 jupyter_telemetry ==0.1.0 jupyterhub ==1.5.0 jupyterhub-ldapauthenticator ==1.3.2 jupyterhub-singleuser ==1.5.0 jupyterhub-systemdspawner ==0.15.0 jupyterlab ==3.4.8 jupyterlab_pygments ==0.2.2 jupyterlab_server ==2.25.0 # https://phabricator.wikimedia.org/T356230 numpy <1.24 # https://phabricator.wikimedia.org/T356230 pandas <2.2 pyspark ==3.1.2 python ==3.10.* sqlalchemy <2