Running pipenv install/uninstall/update with --keep-outdated will prevent pipenv from updating unrelated locked packages. (It’s odd that this is not the default befavior).
If you don’t want some packages to ever be updated automatically, you should pin those in your Pipfile, e.g:
[packages]
django = "==2.2"
djangorestframework = "==3.9.2"