It 100% is, unfortunately. I don't recall this happening in recent history, but it has been the case that 3rd party services have broken CI/CD pipelines and production pushes (e.g pip broke a few weeks ago, and their own pipeline for deploying changes was blocked by the bug).
It's very easy for these kind of dependancies to creep into the build process. If the worst case cost of not being able to create a new build out-weights the cost of rearchitecting your build process then it's something you should seriously consider. On the plus side it also brings additional benefits like faster builds and resilience against packages being unilaterally removed.
