Managing cookbok dependency versions on environments vs metadata

Hi,

I'm working with a company that sets the locks the cookbooks versions on environments. But, no cookbook has a dependency locked on the metadata, so when we updated a dependency like ark 1.2.0 to ark 1.3.0, all the environment is impacted. I was arguing we should move to setting the dependencies versions on the cookbooks metadata, and only fix the versions of the cookbooks the company develops.

I wanted to ask about opinions on this, I already saw the discussion on

But I wanted to know what options people are using in 2018.

Thanks in advance!