How to pin version of ancestor dependencies in Pip?

We are developing a Python-based service that has several pip dependencies.

The dependencies are listed in a requirements.txt file with pinned versions, i.e.:

package_a==1.0.0
package_b==2.0.0

So we are running the pip install -e requirements.txt.

Lately, we are facing problems where the dependencies of the listed packages have breaking interfaces in the newer versions and they are installed automatically because the version specifier in the setup.py file of package_a for example is: "package_x >= 2.0".

So once there is a package_x with version 3.0 - it is installed and breaks the software.

We thought of a number of ways to handle this:

  1. Deploying our own local pip repository and managing the specific versions we want to handle (but this might cause problems as the software evolves and we'll require to build old versions)
  2. Running a pip3 freeze on all the systems and putting everything inside requirements.txt including the dependencies of the dependencies with pinned versions
  3. Using the constraints feature by pinning the versions of the dependencies of dependencies, keeping the requirements file as is and executing pip3 install -r requirements.txt -c constraints.c. So in this case the constraints will have the "package_x==2.0" value.

We saw some resources related to that but didn't get to a clear conclusion if this should be #2 or #3 or any other solution that is better for this use case. (1,2,3)

Please advise.
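One way to carry out option 3 without hand-maintaining the transitive pins, as an added example that is not part of the question or any answer: derive constraints.txt from a known-good `pip freeze`, keeping requirements.txt as the list of direct dependencies, and afterwards check a fresh `pip freeze` against the pins to catch drift. The package names and versions below are constructed samples; the `-r` and `-c` pip options are the ones the question already uses.

```python
import re

# Constructed sample (not from the question): the service's direct pins.
REQUIREMENTS = """\
package_a==1.0.0
package_b==2.0.0
"""

# Constructed sample of `pip freeze` output from a known-good environment.
FREEZE = """\
package_a==1.0.0
package_b==2.0.0
package_x==2.0
Package-Y==0.4.1
-e git+https://example.invalid/svc.git#egg=svc
"""

def normalize(name: str) -> str:
    """PEP 503 name normalization, so Package-Y and package_y compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text: str) -> dict:
    """Map normalized name -> version for each 'name==version' line.
    Comments, blank lines and '-e' editable entries are skipped."""
    pins = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()  # '#' comment only at start / after space
        if not line or line.startswith("-"):
            continue
        name, sep, version = line.partition("==")
        if sep:
            pins[normalize(name)] = version.strip()
    return pins

def transitive_constraints(requirements_text: str, freeze_text: str) -> str:
    """Constraints file content: every frozen package that is not a direct
    requirement, pinned to the version the known-good environment had.
    Write it to constraints.txt and install with:
        pip install -r requirements.txt -c constraints.txt"""
    direct = parse_pins(requirements_text)
    frozen = parse_pins(freeze_text)
    lines = [f"{n}=={v}" for n, v in sorted(frozen.items()) if n not in direct]
    return "".join(f"{l}\n" for l in lines)

def drift(expected_text: str, freeze_text: str) -> dict:
    """After installing, compare a fresh 'pip freeze' against the pins.
    Returns {name: (expected, installed)}; installed is None when missing."""
    expected, installed = parse_pins(expected_text), parse_pins(freeze_text)
    return {n: (v, installed.get(n)) for n, v in expected.items()
            if installed.get(n) != v}
```

A non-empty result from `drift` on a deployed host is the signal that the install did not honour the pins, which is exactly the package_x 2.0 to 3.0 breakage the question describes.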

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow