Pin dev dependencies

Description

Checklist

Please confirm that this pull request has done the following:

• Decide whether the better approach is pins like this or including the lock files in the template (currently leaning toward the latter)
  • Decided on pins because you can't lock properly until you know the package name, so you have to run a lock command after setting up the repo, which isn't an ideal flow to test/manage.
• (N/A) Tests added
• Documentation added (where applicable)
• Changelog item added to changelog/