by icebraining 2758 days ago
How would you update something inadvertently?
2 comments

If the specific version of a dependency (or subdependency) isn't pinned, then the next time the package is installed in another environment it'll get the most recent matching version. That version might break your code.

If the specific versions of all subdependencies are pinned, then you have a mess on your hands keeping track of what's actually required. You have to either manually maintain your requirements.txt, or you run the risk of removing a dependency and missing the removal of its subdependencies.

Further, you can't just upgrade everything, but dependencies might have conflicting version requirements for subdependencies.

Transitive dependencies... it seems to be common in Python libs to express dependencies using version ranges - but then version 18.1 breaks something that worked under 18.0 - which isn't what you'd expect if it followed semver.
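The resolution behaviour the two comments above describe (an unpinned requirement pulls the newest matching release; a stale pin of a subdependency collides with a newer library's version range) as an added toy resolver, not code from the thread. The package names, versions and the greedy non-backtracking strategy are constructed assumptions; a real resolver such as pip's would also try backtracking to app-lib 1.0 instead of failing.

```python
import operator
import re

def parse_version(text):
    """'18.1' -> (18, 1, 0): pad to three components so tuples compare directly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

_OPS = {"==": operator.eq, "!=": operator.ne, ">=": operator.ge,
        "<=": operator.le, ">": operator.gt, "<": operator.lt}
_CLAUSE = re.compile(r"^(==|!=|>=|<=|>|<)\s*([\d.]+)$")

def parse_requirement(req):
    """'util>=18.0,<19' -> ('util', [('>=', (18,0,0)), ('<', (19,0,0))]); bare name -> no clauses."""
    name, rest = re.match(r"^([A-Za-z0-9_.-]+)\s*(.*)$", req.strip()).groups()
    clauses = []
    for part in [p.strip() for p in rest.split(",") if p.strip()]:
        m = _CLAUSE.match(part)
        if not m:
            raise ValueError(f"unsupported specifier: {part!r}")
        clauses.append((m.group(1), parse_version(m.group(2))))
    return name, clauses

def satisfies(version, clauses):
    v = parse_version(version)
    return all(_OPS[op](v, target) for op, target in clauses)

def resolve(requirements, index, deps):
    """Greedy, non-backtracking: newest version meeting all constraints seen so far."""
    constraints, chosen, queue = {}, {}, list(requirements)
    while queue:
        name, clauses = parse_requirement(queue.pop(0))
        constraints.setdefault(name, []).extend(clauses)
        matching = [v for v in index[name] if satisfies(v, constraints[name])]
        if not matching:
            raise ValueError(f"conflict: no version of {name} satisfies {constraints[name]}")
        newest = max(matching, key=parse_version)
        if chosen.get(name) != newest:       # (re)chosen: queue its own requirements
            chosen[name] = newest
            queue.extend(deps.get((name, newest), []))
    return chosen

# Constructed toy index and metadata (not real PyPI data): app-lib 1.1 raised its
# floor on util, so a stale pin util==18.0 no longer fits the newest app-lib.
INDEX = {"app-lib": ["1.0", "1.1"], "util": ["18.0", "18.1"]}
DEPS = {("app-lib", "1.0"): ["util>=18.0,<19"], ("app-lib", "1.1"): ["util>=18.1,<19"]}

def has_conflict(requirements, index=INDEX, deps=DEPS):
    try:
        resolve(requirements, index, deps)
        return False
    except ValueError:
        return True
```

`resolve(["app-lib"], INDEX, DEPS)` picks the newest of everything, `resolve(["app-lib==1.0", "util==18.0"], ...)` is fully reproducible, and `has_conflict(["app-lib", "util==18.0"])` shows the pinned subdependency clashing with the unpinned library's new range.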