By default there is no assurance that any external resource you use is going to be the same every time. Whether that's another image, a package you install, etc. This is something you have to ensure yourself if you want it to be actually reproducible. Specifying a specific version or hash of an external resource can help get you there.
Thanks - that makes sense now. I was thinking of "reproducible" as in it does the same thing each time, but as you say, that can lead to different outcomes - usually updated or patched versions of base images etc.
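As an added example, not part of the original posts: a small check that lists the external resources in a build file that are not pinned to a version or hash, which is the gap described above. It assumes Dockerfile syntax and pip installs written as a single simple `RUN` command; the sample input and the all-zero digest are constructed placeholders, and `unpinned_resources` is a hypothetical helper name.

```python
import re

# Constructed sample; the digest is a placeholder, not a real image digest.
SAMPLE = """\
FROM python:3.12-slim AS build
FROM python@sha256:{d} AS pinned
FROM build AS final
RUN pip install requests flask==3.0.3
RUN pip install --require-hashes -r requirements.txt
""".format(d="0" * 64)

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
FILE_FLAGS = ("-r", "--requirement", "-c", "--constraint")

def unpinned_resources(dockerfile):
    """Return (line_no, kind, name) for each external resource that can change between builds."""
    findings, stages = [], {"scratch"}
    for no, line in enumerate(dockerfile.splitlines(), 1):
        words = line.split()
        if not words:
            continue
        upper = [w.upper() for w in words]
        if upper[0] == "FROM":
            # First non-flag word is the image (skips --platform=...).
            image = next((w for w in words[1:] if not w.startswith("--")), None)
            # Earlier build stages and "scratch" are not external resources.
            if image and image.lower() not in stages and not DIGEST.search(image):
                findings.append((no, "image", image))  # a tag can be re-pointed
            if "AS" in upper[:-1]:
                stages.add(words[upper.index("AS") + 1].lower())
        elif upper[0] == "RUN" and "pip" in words and "install" in words:
            if "--require-hashes" in words:
                continue  # pip verifies every package hash in this mode
            args = iter(words[words.index("install") + 1:])
            for arg in args:
                if arg in FILE_FLAGS:
                    next(args, None)  # skip the file name that follows
                elif not arg.startswith("-") and "==" not in arg:
                    findings.append((no, "package", arg))  # no version given
    return findings

if __name__ == "__main__":
    for finding in unpinned_resources(SAMPLE):
        print(finding)
```

A version pin such as `flask==3.0.3` passes this check, but only a digest or hash ties the build to exact content.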